Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
-
submitted
11/03/2025, 10:30
General
-
Target
JaffaCakes118_64bb5f34d14136aecb74a9823b05da95.exe
-
Size
669KB
-
MD5
64bb5f34d14136aecb74a9823b05da95
-
SHA1
780bf7c4621cf7b0baebfc5b1d091b8747a9a2c4
-
SHA256
3dfa9e7711d8d1f684d630d91554beddf4520908598018835b93625d6f895a79
-
SHA512
ea912e24997a9a7fd3364bb29c178cf02f901f5dee05496078741414feccbd839a53cfda0e3486bbf736cf53f8c387ac52175c6c3458f2af470be805312c5dc9
-
SSDEEP
12288:peaMYfSVysM7+UQxscJY4ksU8lewCWkEmqS7U5CRs3MKUGa5noS5:aYDCUQic9+8MXWkEmqmU5CRs3MYcn
Score
10/10
Malware Config
Signatures
-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload 10 IoCs
-
Modifies firewall policy service 3 TTPs 10 IoCs
-
UAC bypass 3 TTPs 1 IoCs
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 3 IoCs
-
Adds Run key to start application 2 TTPs 64 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies registry key 1 TTPs 4 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 36 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_64bb5f34d14136aecb74a9823b05da95.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_64bb5f34d14136aecb74a9823b05da95.exe"1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CADHRK.bat" "2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD3⤵
-
-
C:\Windows\SysWOW64\reg.exeREG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f3⤵
- UAC bypass
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lekXG.bat" "2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\Java\JavaVM.exe"C:\Windows\Java\JavaVM.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\Java\JavaVM.exe"C:\Windows\Java\JavaVM.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f5⤵
- Modifies firewall policy service
- Modifies registry key
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Windows\Java\JavaVM.exe" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe:*:Enabled:Windows Messanger" /f4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Windows\Java\JavaVM.exe" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe:*:Enabled:Windows Messanger" /f5⤵
- Modifies firewall policy service
- Modifies registry key
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v "DoNotAllowExceptions" /t REG_DWORD /d "0" /f5⤵
- Modifies firewall policy service
- Modifies registry key
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c REG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\BS_.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\BS_.exe:*:Enabled:Windows Messanger" /f4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List /v "C:\Users\Admin\AppData\Roaming\BS_.exe" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\BS_.exe:*:Enabled:Windows Messanger" /f5⤵
- Modifies firewall policy service
- Modifies registry key
-
-
-
-
C:\Windows\Java\JavaVM.exe"C:\Windows\Java\JavaVM.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IHUBK.bat" "4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DMEJX.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VRBRL.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ONAIR.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HTEDH.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KXWJR.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TUSAM.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QXDMA.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CNWNB.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GYXTU.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FUBCE.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ELUKQ.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FDFVI.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FNBYV.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QSEIC.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AHQHM.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HWBGV.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CFTRI.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XEWHT.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RCBFX.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VHOSE.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WCVEU.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LUXTX.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IHVCL.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VHPHB.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WUXNN.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RHRLJ.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VVGBO.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ACVYX.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GJVUW.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JWDMV.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XMMNW.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YHPED.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YXPJC.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GIDBD.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UUYNW.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XRJKH.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QHYPD.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PMVHN.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BDADY.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FRQSN.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HDBRX.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BLBMF.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DVBUE.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NFLSD.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DKKTO.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CIFCM.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EPJBC.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YNXNJ.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AMULF.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TNLOE.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UUVQO.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JECTY.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BDGYR.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FVRXO.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LSBNS.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RKNPY.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GIFIW.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IPTFJ.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HSXUI.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HKLUQ.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ALSBN.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BOLTI.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IDCIE.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KIYXN.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HCKVX.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TRUFK.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VSBCN.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YFAWO.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PMLVM.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EIESX.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BWSNA.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YRTOM.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TVHAL.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HFMHX.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RPAUH.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YYNVY.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DEMPV.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HPGYQ.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BGDJX.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AIARJ.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KFDUS.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CTNOK.bat" "4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TAQYM.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MMNIG.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WNLPK.bat" "4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v " JavaVM" /t REG_SZ /d "C:\Windows\Java\JavaVM.exe" /f5⤵
- Adds Run key to start application
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
4Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
153B
MD55f11a7103d9c9fa2920b6f56d7e0027a
SHA154d9ea6be78b59022cd7f5e1873f9619d817e29b
SHA2568dd0d138a86cc3fb636c7d25a16ec2871e898a5897ba18c15860dda229ca263c
SHA512f018e91d270aa1cfd448d278b69bccae7c9d7d7d69dfc4fb7964bffae559bd209a9e9c1edc0880e3e816c8e951aed52d46eb38a315a3bd7b6a4718e0a4f95022
-
Filesize
120B
MD552ae8119f2f53a681aac2878e2d3c0c1
SHA19b71831736f202d0f68e16346ce8661b7d081922
SHA256ab96f42d209ebe09414c8a31589a6dd642bcd19a7b4ff0bf38c0da0ad6ea82f0
SHA51203c9d8747033542fdd0bd4069e0ce6721d7d945caa945cee25bb5cf8cccb4ced4c913aa1fe7212a727b111359a1d539a111cf101e8906259fce3cac3282a58f1
-
Filesize
118B
MD55dde409d2600f08591e39c3e85c60345
SHA16a7d6455cef12fd2702c5191dcf34ddec8b45c50
SHA25601fcc76d6754c2836cf8698efe133bbe0782c5a086dcc41cc26277fe5b100692
SHA5120bcfa61719dc8ba68efe68a561d6fca241f71d18657bf7f3067db4c20f7af7b5d0a9fb02478ec130a8387dd2d25e1ed123097f775ff2033b9d05fa8af6a1be83
-
Filesize
669KB
MD564bb5f34d14136aecb74a9823b05da95
SHA1780bf7c4621cf7b0baebfc5b1d091b8747a9a2c4
SHA2563dfa9e7711d8d1f684d630d91554beddf4520908598018835b93625d6f895a79
SHA512ea912e24997a9a7fd3364bb29c178cf02f901f5dee05496078741414feccbd839a53cfda0e3486bbf736cf53f8c387ac52175c6c3458f2af470be805312c5dc9
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
28KB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
360KB
-
Filesize
360KB
-
Filesize
360KB
-
Filesize
360KB
-
Filesize
360KB
-
Filesize
360KB
-
Filesize
360KB
-
Filesize
360KB
-
Filesize
360KB
-
Filesize
360KB
-
Filesize
6.9MB
-
Filesize
6.9MB